What happens when you see the latest headline on a massive password or data breach? Odds are you go about your day, hoping your information is safe. While wishful thinking is harmless for your favorite team’s chances in the next game, it’s no help in the context of your personal cyber security. Over 4.1 billion data records1 were exposed in 2019. Every individual and organization needs to be vigilant against hackers and other online attacks. Read on for some cyber security tips to follow within your business and personal life.
Create strong passwords
Unfortunately, many people use ‘password’ or ‘123456’. Yes, they’re convenient and easy to remember. The problem is, they’re just as easy for others to guess. Take a look at some of the most commonly used passwords as a guide for what to avoid2.
There are several criteria3 for making a strong password. Get in the habit of using these when creating a password:
- Make the password long; it should be at least twelve characters.
- Include numbers, symbols, and a mix of upper- and lower-case letters.
- Don’t limit it to words you’d find in a dictionary. Mix it up. Consider using an acronym that’s meaningful to you and unknown to others.
- Don’t rely on substituting numbers or symbols for letters. For example, “[email protected]” is not a very safe password. Hackers know these tricks and easily get past them.
Use multifactor authentication
If one password authentication enables one level of security, multifactor authentication raises the amount of security considerably. Sometimes called two-factor authentication (or 2FA), this method involves using two pieces of evidence of your identity. These pieces can be classified as something you know (like a password), something you have (like the chip in a credit card), and something you are (like a fingerprint or scanned retina). It’s a fairly painless way of adding some security, and it’s one of the top three ways cyber security experts protect their own information.4
Never leave devices unattended
It sounds obvious to keep an eye on your expensive electronics, but take a trip to any public space and prepare to be surprised at how many people leave laptops and phones alone and unlocked. You and your employees should keep devices secure at all times.
Develop a disaster recovery plan
Make sure to add an IT component to your organization’s emergency procedures,5 and follow drills in the same way you would with any other disaster plan. This should include plans for data recovery and reputation management in case evil doers gain access to your social media accounts. You might even want to consider insuring against a cyber disaster.
Do not click on suspicious links
Is it possible there’s a prince from another country who wants you to hold his vast fortune for a commission? Like anything that sounds too good to be true, you should be very skeptical of emails you’re not expecting. Clicking on a malicious link could expose your device or network to a virus or give a hacker access to your system. Look for a few warning signs when you get an email from someone you don’t know:
- Requests for personal information. Reputable organizations won’t do this in an initial communication.
- Strange email addresses. Your bank is not going to email you from a Yahoo account. Business messages should come from business domains.
- Strange attachments. Don’t open attachments, unless you specifically requested them.
- Typos. You’d think a hacker mastermind would run spell check, but no.
If you receive an email and have doubts about its authenticity, reach out to the (supposed) sender directly through their website or phone number, NOT through the links or contact information in the email.6
Be wary of public or open wireless networks
It’s a big convenience being able to access wi-fi anywhere, but it also raises significant security concerns. No public wi-fi is 100% secure, so always use good judgement when deciding to jump on an open wi-fi network. If the risk outweighs the benefits of sending that email, it’s better to wait until you can connect securely.
You’ll also want to only connect to a network that uses an encrypted HTTPS connection. Your browser should indicate this in the URL, and Google Chrome makes it explicit if a site is not secure. Using a VPN can give you an added layer of security. And of course, don’t go do your banking or other sensitive browsing in a public space. Save that for home.7 8
Diversify the types of security you use
Don’t just rely on changing your password every month as a defense against cyber attacks. Fighting against cyber threats is an arms race where new forms of attacks appear all the time. Make sure your organization is up to date with current online threats and your technology is up to date. This means updated anti-virus software as well as installing updates for all browsers and email clients. But don’t forget the human side. Make sure your staff is aware of what they need to do as well.
Never send payments without confirming with the source
Make sure that link to PayPal is going to where you expect. If you need to make an online payment, confirm directly with the recipient that you have the right payment address and confirm they’ve received your payment when the transaction is complete. Third parties like PayPal offer a number of protections for online transactions, as do most credit cards (versus using a debit card). Check with your provider for specific protections.
Actively train employees on how to be safe online
While these tips might make sense to you, it takes only one employee to slip up and expose your company’s systems and data to hackers. Make sure your staff follows set cyber security guidelines and has basic network security awareness. The guidelines discussed here are a good starting point for a company-wide plan.
While there are many dangers in the online world, a little common sense and thoughtful planning can help you avoid them. To learn more, visit our Learning Center for information about business insurance policies that can protect your digital operations.